[Answered] Critically examine the role of UIDAI in ensuring a safe and sound system of issuing unique identification to individuals.

Aadhaar is pan-India biometric identifier. Consequently, it is the single most important database in India and one which is the real measure for all other databases. Recently, CAG presented its performance audit of Aadhaar’s regulator, Unique Identification Authority of India (UIDAI) which is a statutory authority established under the provisions of Aadhaar act, 2016 under the Ministry of Electronics & Information Technology.

Role of UIDAI in ensuring a safe and sound system:

• To provide for good governance, efficient, transparent and targeted delivery of benefits and services to residents of India through assigning of unique identity numbers.
• To develop policy, procedure and system for issuing Aadhaar number to residents of India by submitting their demographic and biometric information.
• To ensure security and confidentiality of identity information and authentication records of individuals.
• To develop policy, procedure and systems for updating and authenticating their digital identity.
• To make regulations & rules consistent with the Aadhaar Act, for carrying out the provisions of the Aadhaar Act.

Issues:

• Negligence in the organization: It not only generates data but also is entrusted with safely storing it. Often UIDAI generated Aadhaar numbers with lack of proper documentation or poor quality biometrics, which have resulted in multiple or duplicate Aadhaar cards being issued to the same person.
• Security of data: UIDAI has not ensured that the applications or devices used by agencies for authentication are capable of storing personal information or not, which puts the privacy of residents at risk.
• Looseness in execution: UIDAI operates Aadhaar through a layer of subcontractors. So, when an applicant’s biometrics are uploaded, it may be executed by the third layer of subcontractors. CAG’s report shows looseness in the process all through.
• Unable to detect cause of failure: Often UIDAI neither has granular data nor is it able to pinpoint the cause for authentication failures as there is no system present to do so.
• No data archiving policy which is considered to be an essential storage management practice.

Way forward:

• The UIDAI should go beyond self-declaration, and prescribe a procedure and require documentation in order to confirm and authenticate the residence status of applicants.
• UIDAI may frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and to reduce data storage usage by eliminating duplicate data.